Connect with us

Expert Speak

The Cyber Insurance Question

Published

on

Written by Jake Moore, Cyber Security Specialist for ESET

When you work in IT and you’re at a dinner party and somebody asks, “What do you do?” you can usually see the blood run from their face as they’re like, “Oh my God, why me? My one night out this week! Why did I ask?!” However, recently, I was invited to a dinner party with place names (A little over the top? Or strategic?) and I was placed next to an insurer. Naturally, the host knew that people in IT and insurance would get along like a house on fire. Or was it to keep the nerds down one end of the room? I’m not entirely sure.

Anyway, after he introduced his role and company to me, it was my turn to divulge what area of IT I was in. I mentioned the word cyber and before I could say security, he was telling me that there is cyber insurance that will “cover everything”. Everything?! This was a bold claim and suddenly our end of the table became the noisy end.

I instantly questioned his statement as to what level people are covered and he claimed as a cyber insurance broker that they pay out for all ransomware attacks – whatever value the ransom is. I was astonished! For all my time at the police I had it ingrained in my mind that crime doesn’t pay and by fuelling cybercrime you are funding the bigger picture of international organised criminal gangs, which will just increase the more they receive.

“We have become accustomed to the fact that the cybercriminals are winning and with law enforcement struggling to contain it”

So this took me to Google not just to research this claim but also to question his ethics as this was now starting to sound illegal. My research suggested that “Due diligence is required to ensure ransoms are not paid to ‘terrorist’ cyber attackers”. Pointing this out made him even more smug yet there was nothing I could do to suggest that they will never know the origin of the cyberattacker. So how can insurers pay a ransom when it could be going to a terrorist? His defence angle was vice versa suggesting that there is nothing to prove they are!

Ethically this is against everything I know but who’s in the wrong here? The cyber insurers or the governing rules? What on earth are companies thinking when they are sold cyber insurance? Are they of the mindset that if the worst case scenario occurs, that their broker will just pay the ransom and get them out of the hole they are in? Well yes – that seems to be exactly what is happening. We have become accustomed to the fact that the cybercriminals are winning and with law enforcement struggling to contain it.

“It seems very few people believe that prevention is the best option because people will always seek the easiest way out”

Cyber insurance is currently booming and many insurers are offering varying levels of protection to customers who (personally) seem in the dark about a lot when it comes to cybersecurity. We all know that scaring tactics aren’t the best way to go about selling a product yet increasing hacking stories in the media are certainly making CEOs a bit twitchy.

Rightly so that C suite staff should be raising their heads above their monitors when it comes to their infrastructure security but is insurance better than prevention? Do they think insurance is prevention? Even forgetting ethics for a moment, paying a criminal to receive your data back could be just as catastrophic should malware be transmitted along with the back up – along with your premium increasing in the next year with your insurer.

By simply reducing the risk beforehand is a far better way to keep this threat from exploding within a company? This is easily achievable by training, anti malware software and setting privilege rights correctly.

So back to my new acquaintance at the dinner party, which I was now in a full on debate even with interjections from other professions around the table giving their two cents worth. It seems very few people believe that prevention is the best option because people will always seek the easiest way out. Unless we force people to include prevention methods from the outset, people will inevitably fall back on reactive measures which we have seen do not always work.

Click to comment

Leave a Reply

Expert Speak

Watch Out for These Scams Targeting Amazon Customers

Published

on

Written by Amer Owaida, Security Writer at ESET

Amazon is the largest online marketplace in the world boasting over US$386 billion in revenue in 2020 with 200 million subscribers to its Amazon Prime service just in the United States. And that’s just a fraction of the whole customer base that it serves around the globe year-round. Of course, such a huge customer pool attracts cybercriminals who are looking to make a bank by scamming unsuspecting victims with a variety of tricks that they have in their arsenal of scammery.

Fake order phishing email
As with any major service, Amazon is no stranger to being spoofed or impersonated by enterprising fraudsters who are looking to dupe people out of their personal information or to access credentials to their accounts. The emails you may receive can take on various forms, however, they usually impersonate a common Amazon dispatch email, that regular customers have encountered many times over. For example, you might receive one confirming a purchase that you didn’t make and tries to trick you into clicking on various links that look like contact information to Amazon’s customer service.

These links can then redirect to something looking like the official Amazon login page, however, when you try to sign in you will have divulged your credentials to the scammer. Alternatively, by clicking on the link or attachment in the email you may download a malicious payload to your device that will attempt to download keylogging software that will try to harvest your credentials to any services you use.

Generally speaking, unless the fraudster behind the scam did an immaculate job with the counterfeit email there are several warning signs that will give it away as an attempt at phishing. If the email contains, typos, grammar mistakes, or an attachment it is most assuredly a scam. When checking out a link that you’ve received in an email, by hovering your cursor over it, check whether the address is something.amazon.com where something is one of many valid Amazon subdomains – for example, pay.amazon.com or www.amazon.com. If you suspect that you’re being phished you should contact Amazon directly, since it takes these issues seriously.

Gift card scams
Gift card fraud is another perennial problem that you can encounter. The con-artists may utilize different strategies to dupe their victims, however, the ultimate goal remains the same – trick them into purchasing and sending Amazon gift cards. Popular tactics usually include evoking a sense of urgency or pressure in order to make victims act quickly rather than give deep thought to the contents of the message or phone call.

Victims may receive unsolicited email messages or phone calls about a pressing issue involving their social security numbers or benefits and to resolve it they’ll have to pay a penalty using gift cards. Alternatively, victims may be told that a family member is in trouble and needs financial help. There are multiple scenarios at play where fraudsters can also impersonate Amazon itself, claim to be someone from the management of the victim’s employer, you name it.

However, fortunately, most of these scams can be uncovered quite easily if you keep a cool head. Government officials will never ask you to pay a fine or penalty with a gift card, so you can be 100% sure that if you get such a request it’s a scam. As for the rest of the scenarios, to verify the claims you just need to call your family member to see if they’re in trouble or the person from your company that requested the gift cards. And of course, it goes without saying that you should contact all of the aforementioned people or institutions through the verified official channels.

Payment scams
Payment scams come in many shapes and sizes, and while the form may differ, in the end, the scammers behind them are after only one thing – the contents of your bank account. There are multiple ways that this can occur. One tactic that is often utilized is trying to convince you to pay outside Amazon’s secure platform. The crooks will try to lure you in various ways by offering a discounted price, for example, however, if you relent, the most probable outcome is that you’ll both lose your money and won’t get the product.

And additionally, you won’t be able to lodge a complaint with Amazon since you paid the fraudulent charges outside the confines of their platform. Other flavors of payment scams to watch out for include paying to claim a prize that you’ve supposedly won or to a seller whose identity you can’t verify, and avoid offers that seem too good to be true or that you find suspicious.

The obvious advice, in this case, is to stick to Amazon’s platform for all orders and payments. Even the company itself warns against sending money outside the confines of its platform: “Don’t send money (by cash, wire transfer, Western Union, PayPal, MoneyGram, or other means, including by Amazon Payments) to a seller who claims that Amazon or Amazon Payments will guarantee the transaction, refund your funds if you’re not satisfied with the purchase, or hold your funds in escrow.”

Dodgy phone calls
Sometimes scammers will resort to more “analog” means to try and hoodwink their victims – fake support calls. The content of the calls might vary, however, they often sound like a pre-recorded message impersonating Amazon claiming it has registered something wrong with your account, something that would pique your interest – a fishy purchase, lost package, etc.

According to a warning issued by the United States Federal Trade Commission, the message will then either inform you to press 1 to speak to a customer support agent or give you a number to call back. If you engage in conversation, the scammers will most likely try to wheedle sensitive data out of you like your personal information or your payment data.

The most sensible thing to do, before going into full-blown panic mode, is to check if there is anything suspicious going on by contacting Amazon through the direct channels listed on the support section of their website. The company does acknowledge that in some cases it may make outbound calls but it will never ask customers to reveal any sensitive personal information in order to verify their identity.

In summary
When it comes to online shopping and its related activities the saying “trust but verify” remains as true as ever. To sum it up, most of the scams can be avoided if you remain vigilant, curious, and keep your wits about you. If you receive any unsolicited emails be extra careful to verify their provenance and never divulge personal sensitive information to anyone claiming to be a “customer support representative or agent”.

Continue Reading

Expert Speak

Create a Ring of Security Around Your Home

Published

on

With an app and a couple of gadgets, technology can provide peace of mind in the toughest of times – whether you’re at home or away, says Mohammad Meraj Hoda, vice president of Business Development – Middle East & Africa at Ring

Over the last year, we have learned that there’s no such thing as a predictable routine. Even as UAE authorities do their utmost to prevent the spread of the coronavirus, once-mundane everyday schedules can easily be disrupted by abrupt school closures, sudden quarantines or even an endless procession of deliveries of all kinds. At times when it can all get a bit too much, an extra layer of security can offer peace of mind.

But when you can’t bring in new household help with visa and travel restrictions, technology can do your bidding instead. Indeed, technology is now so far advanced that with a couple of installs and a few quick tweaks, you can protect your home inside and out. With a video doorbell, indoor cameras around the house, and an app, you can create a ring of security around your home within a few minutes.

When you choose a single brand of products, such as Ring, the appliances can easily work together, and best of all, everything can be monitored from your smartphone – even if you happen to be elsewhere physically. As UAE residents have become more alert to visitors and the risks accompanying them, convenience and safety are more important than ever. This is where Ring’s bouquet of products can help.

Video Doorbells Help Everyone
Since they were first created in 2013, video doorbells have proved their worth repeatedly in many different situations around the world. From a bear trying to open a car door to meteors flying through the skies, they have captured a number of untoward and unwanted visitors around the world. Products such as the Ring Video Doorbell 3 are activated by motion around your front door and begin recording events within their line of sight. Because Ring video doorbells connect to the internet via your home Wi-Fi system, this video feed can be set to be livestreamed straight to your phone, or you can access it later.

Even if you are at home, there is no need to go to the door. You can see who your visitors are from your smartphone. With the Ring Video Doorbell 3, you simply tap on the alert to check who’s at the door and even communicate with them. Even if you are at home, you can safely keep your distance from visitors, and if necessary, ask them to leave packages at your door.

Indoor Cameras Offer Peace of Mind
Meanwhile, for family-focused people who are away in the office or at an event outside the home (perhaps even in another emirate!), an indoor camera provides the assurance that no untoward incidents have taken place at home. Perhaps you want to chat with those who are at home, verify if your teenage kids are getting to their homework, or if your cat has been playing up while you’re away. A quick check is easy with a compact indoor camera such as Ring’s new Indoor Cam, which slots unobtrusively into small spaces around the home.

This clever new device makes it easy to speak with older family members or see if school children have reached home. Between the indoor cameras and the outdoor doorbell camera, you can easily keep an eye on every corner of your home from anywhere. In addition, with Ring’s Protect Plan, it’s easy to add an extra layer of security to your home.

Although life has become more challenging on so many fronts, technology can help the stresses of living through these strange times. A little planning and a few moments’ work can go a long way to securing peace of mind for everyone at home.

Continue Reading

Expert Speak

One in Six People Use Pet’s Name as Password, Says ESET

Published

on

Written by Amer Owaida, Security Writer at ESET

(more…)

Continue Reading
Advertisement
Advertisement
Advertisement
Advertisement

Latest Reviews

Follow us on Facebook

%d bloggers like this: